VIEWS: 9 PAGES: 14 POSTED ON: 8/12/2011
Configuring and Managing Computer Security Chapter 14 1. You are the administrator of 10 Windows XP Professional computers that are members of a Windows 2000 domain. Because the computers are used in a public area you audit all security events on the computers. A user named IT2 Salazar reports that while he was using one of the computers it suddenly shut down with a STOP error. When the computer restarted, IT2 Salazar attempts to log on by using the same user name and password that he used before, but receives the following error message: "Your account is configured to prevent you from using this computer. Please try another computer." IT2 states that he did not do anything to cause the STOP error to occur. You want to ensure that IT2 Salazar can get his homework done on this computer. What should you do? A. On the computer, save and clear the security log, set the CrashOnAuditFail setting to 1, and restart the computer. B. On the computer, modify the local audit policy so that system events are not audited, set the CrashOnCtrlScroll setting to 1, and restart the computer. C. In the domain, modify IT2's LogonWorkstations list to include the name of the computer. D. In the domain, modify IT2's account properties to unlock the account. 2. The network in the MCP classroom contains 23 Windows XP Professional computers that were installed by using a RIS image. These computers also use a security template named Standard.inf, which you created and applied to the computers. Navy Information Assurance (IA) releases a new security template named Corporate.inf which you are instructed to apply to all 23 computers in the classroom. You are tasked to make a list of all policies that are defined in the Corporate.inf but that are not already enforced on the computers. You import Corporate.inf into the Security Configuration and Analysis console on your computer. Which policies should you document? A. The policies that are displayed with an X or an exclamation point in the analysis. B. The policies that are displayed with a check mark in the analysis . C. The policies that are displayed as Enabled in the Computer Setting column . D. The policies that are displayed as Disabled in the Computer Setting column . 3. You are the desktop administrator IT”A” School. The school's network contains 1,000 Windows XP Professional computers, which are members of a single Active Directory domain and all the computers’ hard disks are formatted as NTFS. The school's software developers release a new custom application that uses a .dll file named AppLib.dll, which is installed in a folder named \Program Files\Eagle\OpsApp. The school's help desk technicians report that several users are experience problems when they use the application because the AppLib.dll file was deleted on their client computers. The school's software developers recommend that you modify the file permissions on AppLib.dll so that users have only Read permission on the file. You need to ensure that all users have only Read permission on the AppLib.dll file on all 1,000 Windows XP Professional computers. What should you do? A. Write a logon script that moves the AppLib.dll file into the %systemroot%\System32 folder. Ensure that Windows File Protection is enabled on all 1,000 Windows XP Professional computers. Apply the logon script to all domain user accounts. B. Repackage the customer application in a Windows Installer package. Ask a domain administrator to create a Group Policy object (GPO) that advertises the package to all domain user accounts. C. Use the Security Configuration and Analysis console to create a new security template that modifies the file permissions on AppLib.dll. Use the Active Directory Group Policy to import and apply the template to all 1,000 Windows XP Professional computers. D. Write a Microsoft Visual Basic Scripting Edition (VBScript) file named Modify.vbs that modifies the file permissions on AppLib.dll. E mail Modify.vbs to all company employees 4. You are the desktop administrator for ITOF which has a network that consist of a single Microsoft Windows NT domain with 2000 Windows XP Professional computers. The IA department releases a new security template named New.inf. You are tasked to apply this new template to all 2000 computers. You use the Security Configuration and Analysis console to import New.inf into a security database named Security.sdb. Copy Security.sdb to a folder named Sec on a server named Eagle1. How will you apply New.inf to the computers? A. Use the Security Configuration and Analysis console to export a template named New.inf from Security.sdb. Copy New.inf to each client computer. B. Write a logon script that copies Security.sdb to the %systemroot%\System32 folder on each client computer. C. Copy Security.sdb to the Netlogon shared folder on each domain controller. D. Write a logon script that runs the Secedit /configure /db \\Eagle1\Sec\Security.sdb command. Apply the logon script to all domain user accounts. 5. The IT schoolhouse’s network contains 500 Windows XP Professional computers. The IA department releases a new security template named NewSec.inf. You import NewSec.inf into a security database named NewSec.sdb. You analyze the result, and you review the changes that the template makes. You examine the security policies that are defined in NewSec.inf and discover that the settings in NewSec.inf have not been implemented on your computer. You need to ensure that the settings in NewSec.inf overwrite the settings in your computer's local security policy. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. Run the Secedit /configure /db C:\NewSec.sdb command. B. Run the Secedit /refreshpolicy machine_policy command. C. Copy NewSec.inf to the C:\Windows\Inf folder. D. Copy NewSec.sdb to the C:\Windows\System32\Microsoft\Protect folder. E. Use the Security Configuration and Analysis console to open NewSec.sdb and then to perform a Configure operation. F. Use the Security Configuration and Analysis console to export NewSec.sdb to the Defltwk.inf security template. 6. The network for the ITOF School contains 1000 Windows XP Professional computers that are configured with the students.inf security template. One of the network administrators in the Main building creates a new security template named instructors.inf which is designed to be applied to all computers; however the users in the school have different security requirements from the users in the main building. You need to find out whether the new security template will violate the requirements of the school, what should you do? A. Run the Secedit.exe command in validation mode and specify the new security template. B. Run the Secedit.exe command in configuration mode and specify the new security template. C. Use the Security Configuration and Analysis console to import both templates into a security database, and then perform an Analyze operation. D. Use the Security Configuration and Analysis console to import both templates into a security database, and then perform a Configure operation. 7. The IT administrator for ITOF creates a custom policy that will apply to a custom application that is loaded on the instructor's Windows XP Professional computers. He deploys this policy by using Group Policy. When you inspect the instructor's computers, you find out that the application has not been modified by the policy. You want to examine Windows XP Professional to find out whether the custom policy is affecting the correct location in the Registry. Which command should you run? A. Msinfo32.exe B. Gpresult.exe C. Gpedit.msc D. Rsop.msc 8. The IT administrator for the school needs to distribute a custom application to the Windows XP Professional computers in the A+ classroom. He deploys the software by using Group Policy. Mr. Dowling is an instructor in the A+ classroom. He reports that the custom application is not available. You examine his computer, and you verify that the application is not present. You want to ensure that the software is deployed the next time Mr. Dowling logs on. Which command should you run? A. Secedit /refreshpolicy user_policy /enforce B. Secedit /refreshpolicy machine_policy /enforce C. Gpupdate /target:computer /sync D. Gpupdate /target:user /sync 9. The IA department releases a new security requirement that states that the Telnet service may not be started on any government-owned client computer. You need to create a new security template that prevents the Telnet service from starting on government-owned client computers. You open the Security Configuration and Analysis console on your Windows XP Professional computer. Which portion of the console do you need to configure? System Services 10. The IT office needs to distribute three custom applications to the schoolhouse’s Windows XP Professional computers. They deploy these applications using a Group Policy. Some users report that they must log on several times before the newly deployed applications are present on their computers. What should you do to ensure that all software is deployed the next time the users log on? A. Enable the Always wait for the network at computer startup and logon policy. B. Enable the Always use classic logon policy. C. Enable the Turn off background refresh of Group Policy policy. D. Enable the Group Policy slow link detection policy. 11. IT1 Joseph frequently travels to different commands to deliver MCP training. Because he travels his Windows XP Professional portable computer has a smart card reader for security. IT1 request that you configure his computer to enable dial in to the schoolhouse network when he is traveling. Navy IA security policies state that dial-in users must use a smartcard when they connect to the network and that users use the strongest form of data encryption possible. Policy also directs that client computers must disconnect if the Routing and Remote Access server does not support both smartcard authentication and the strongest possible authentication. Your task is to configure the dial-up connection properties on IT1 Joseph’s computer to dial in to the schoolhouse network making sure that Navy security policies are enforced. Which three action should you take? (Each correct answer presents part of the solution, Choose 3) A. Select the Advanced (custom settings) security option. B. Select the Require data encryption check box. C. Select the Typical (recommended settings) security option. D. Select the Use smart card item from the Validate my identity as follows list. E. Select the Maximum strength encryption item from the Data encryption list. F. Select the Allow these protocols option, and select the MS-CHAP v2 check box. G. Select the Extensible Authentication Protocol (EAP) option, and select Smart Card or other Certificate from the EAP list. 12. You are the administrator of a Windows XP Professional computer named Trust which is connected to the internet and provides internet access to nine other computers. Trust has Internet Connection Sharing (ICS) and Internet Connection Firewall (ICF) enabled. You run an application named Honor on Trust that communicates with an online training Command on the Internet. In order to display an online the training Command needs to contact the Honor application at port 5800. You want to ensure that the training Command can connect to the Honor application, what should you do? A. Configure ICF to enable the Internet Control Message Protocol (ICMP) Allow redirect option. Then start the Honor application that opens port 5800. B. Create a new service definition named Honor. Use port 5800 as the external and internal port number. C. Edit the %systemroot%\System32\Drivers\Etc\Services file on Trust to include a service definition named Honor for port 5800. D. Change the TCP/IP settings on Trust to enable TCP/IP filtering. Permit network traffic on port 5800. 13. You are the desktop administrator for ITOF where all instructors have Windows XP Professional computers and members of the local Users group on their own computers. An instructor in A+ has a removable disk cartridge drive on his computer. The disk cartridge contains an unsupported, third-party file system. Whenever the instructor tries to save data to the disk cartridge, they are prompted to reformat the disk cartridge. However, they receive an “access denied” error message when attempting to reformat. You need to enable the instructors to save testing data to the disk cartridge. What should you do? A. Instruct the user to format the cartridge as FAT32. B. Remove the Read-only attribute from the disk cartridge. C. Add the user to the Power Users local group on the computer. D. Grant the user Allow - Full Control permission on the disk cartridge. E. Configure the local security settings to allow the user to format and eject removable media.
Pages to are hidden for
"Configuring and Managing Computer Security"Please download to view full document